Operational Risk and Advisory IT and Information Security Specialist

Job Description

The position of Operational Risk and Advisory IT and Information Security Specialist is part of the Operational Risk function, a critical component of the second line of defense. This role is responsible for the comprehensive monitoring of operational risk activities, with a strong focus on new technologies, information security, and cyber risks.

Main tasks

• Development, implementation, and execution of risk management activities:
  • Improving the risk management framework with regard to risk assessment and consulting, particularly in relation to new technologies, information security, and cyber risks.
  • Collaborating with business units to integrate advanced risk management practices into their operations.
• Risk Assessment and Analysis:
  • Conducting ad hoc risk assessments and analyses, particularly with regard to information security and cyber threats, to identify potential issues and propose effective mitigation measures.
  • Conducting incident analyses to determine the causes, identify mitigation measures, and ensure that follow-up actions are implemented.
• Consulting support:
  • Providing advisory support to business units, including reviewing the internal control framework with a focus on IT and information security, to support the bank’s sustainable business development.
  • Expert advice on risk mitigation strategies, particularly with regard to information security and new technologies.
• Reporting and Communication:
  • Reporting and presenting risk assessment results to risk management leadership and other relevant stakeholders, with a focus on cyber risks and technological vulnerabilities.
  • Preparation of detailed risk reports and presentations for review by senior management.
• Digitization of solutions:
  • Actively participate in the implementation of new digital solutions to support the global rollout of the internal control system, ensuring that these solutions take into account information security requirements and cyber risks.

Requirements

• A bachelor's degree in business administration, economics, natural sciences, information security, or a related field.
• 10 years of professional experience, including consulting or auditing at a leading professional services firm and/or in a comparable position at a market-leading bank.
• A strong understanding of core banking systems, end-to-end transaction processing, and cybersecurity principles.
• Proven ability to write reports and communicate effectively with a senior audience.
• Excellent analytical skills and a structured approach to problem-solving and reporting.
• Excellent communication skills in English, both written and spoken.
• Ability to work independently as part of a global team in a fast-paced environment.